5.3

CVE-2018-1313

EPSS 0.89%
Published 07.05.2018 13:29:00
Last modified 21.11.2024 03:59:36
Source security@apache.org
Teams watchlist Login
Open Login

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.

Affected products Warnungen 0 Metrics 3 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Derby Version >= 10.3.1.4 <= 10.14.1.0

Oracle ≫ Weblogic Server Version12.2.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.89%	0.748

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Patch

Third Party Advisory

http://www.securityfocus.com/bid/104140

Broken Link

https://lists.apache.org/thread.html/r437d94437e6aef31af689b1e7025d024d676fd1ea9901d74e3e9ae48%40%3Cissues.hive.apache.org%3E

https://lists.apache.org/thread.html/r6755f48d4f5e44e39bba7dbf8d746678239d7f1f2cc108125519ce53%40%3Cissues.hive.apache.org%3E

https://lists.apache.org/thread.html/re29ab90978e6c997377fb975f674f7514f6beb642bbf79deb45477e5%40%3Cdev.hive.apache.org%3E

https://markmail.org/message/akkappppxcdqrgxk

Third Party Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2018-1313

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1313

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1313

EUVD